kernel: xen/privcmd: fix double free via VMA splitting

A flaw was found in the Linux kernel's xen/privcmd module. A local user could exploit this by performing a partial unmapping of a privcmd memory region. This action causes a Virtual Memory Area VMA to split, leading to duplicated internal memory pointers. As a result, the same memory can be freed...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007413)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007413 advisory. In the Linux kernel, the following vulnerability has been resolved: xen: fix UAF in dmabufexpfrompages dmabuffd fixes; no preferences regarding the tree it goes...

Linux Distros Unpatched Vulnerability : CVE-2011-2519

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xen in the Linux kernel, when running a guest on a host without hardware assisted paging HAP, allows guest users to cause a denial of service invalid pointer...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002377)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002377 advisory. The xenfailsafecallback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of...

CVE-2022-50761

The CVE-2022-50761 entry concerns a memory leak in the Linux kernel under x86/xen: in xen_init_lock_cpu(), a string allocated with kasprintf() is not freed if bind_ipi_to_irqhandler() fails, potentially leaking memory. The description notes this memory leak is fixed in Xen/CPU initialization code...

EUVD-2022-55495

Malicious code in bioql PyPI...

SUSE CVE-2025-38595

In the Linux kernel, the following vulnerability has been resolved: xen: fix UAF in dmabufexpfrompages dmabuffd fixes; no preferences regarding the tree it goes through - up to xen folks As soon as we'd inserted a file reference into descriptor table, another thread could close it. That's fine fo...

CVE-2025-38595 xen: fix UAF in dmabuf_exp_from_pages()

In the Linux kernel, the following vulnerability has been resolved: xen: fix UAF in dmabufexpfrompages dmabuffd fixes; no preferences regarding the tree it goes through - up to xen folks As soon as we'd inserted a file reference into descriptor table, another thread could close it. That's fine fo...

The vulnerability of the Xen kernel component in the Linux operating system, which allows a hacker to trigger a service failure

The vulnerability of the xen component in the Linux operating system’s kernel is related to a memory leak in the xenbusdevprobe function. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the Xen kernel component in the Linux operating system, related to the assignment of NULL pointers, allows a hacker to trigger a service failure.

The vulnerability of the Xen kernel component in the Linux operating system is related to the assignment of NULL pointers. Exploiting this vulnerability can allow an attacker to cause a service failure...

DEBIAN-CVE-2024-46762

In the Linux kernel, the following vulnerability has been resolved: xen: privcmd: Fix possible access to a freed kirqfd instance Nothing prevents simultaneous ioctl calls to privcmdirqfdassign and privcmdirqfddeassign. If that happens, it is possible that a kirqfd created and added to the...

ROS-20240916-09

The vulnerability of the x86 HVM Hypercall Handler component of the Xen kernel's x86 HVM hypervisor is related to the ability to freely switch between 64-bit and other system modes. Linux kernel hypervisor is related to the ability to freely switch between 64-bit and other system modes...

kernel: x86/xen: Fix memory leak in xen_smp_intr_init{_pv}()

A memory leak was found in the Linux kernel's Xen SMP interrupt initialization functions for x86 architectures. When interrupt handler binding fails during setup, the error path frees various resources but neglects to free dynamically allocated interrupt name strings created via kasprintf. This...

The vulnerability of the xenvif_get_requests() function in the drivers/net/xen-netback/netback.c module of the Xen kernel in the Linux operating system allows a attacker to compromise the integrity, confidentiality, and accessibility of the protected information.

The vulnerability of the xenvifgetrequests function in the drivers/net/xen-netback/netback.c module of the Xen kernel in the Linux operating system is related to accessing memory beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the integrity,...

FreeBSD : xen-kernel -- multiple vulnerabilities (da70d472-af59-11e7-ace2-f8b156b439c5)

The Xen project reports multiple vulnerabilities. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database : Copyright 2003-2018 Jacques Vidrine and contributors Redistribution and use in source VuXM...

FreeBSD : xen-kernel -- broken check in memory_exchange() permits PV guest breakout (90becf7c-1acf-11e7-970f-002590263bf5)

The Xen Project reports : The XSA-29 fix introduced an insufficient check on XENMEMexchange input, allowing the caller to drive hypervisor memory accesses outside of the guest provided input/output arrays. A malicious or buggy 64-bit PV guest may be able to access all of system memory, allowing f...

FreeBSD : xen-kernel -- x86 PV guests may be able to mask interrupts (3ae078ca-c7eb-11e6-ae1b-002590263bf5)

The Xen Project reports : Certain PV guest kernel operations page table writes in particular need emulation, and use Xen's general x86 instruction emulator. This allows a malicious guest kernel which asynchronously modifies its instruction stream to effect the clearing of EFLAGS.IF from the state...

FreeBSD : xen-kernel -- x86: Mishandling of SYSCALL singlestep during emulation (942433db-c661-11e6-ae1b-002590263bf5)

The Xen Project reports : The typical behaviour of singlestepping exceptions is determined at the start of the instruction, with a DB trap being raised at the end of the instruction. SYSCALL and SYSRET, although we don't implement it behave differently because the typical behaviour allows userspa...

FreeBSD : xen-kernel -- x86 CMPXCHG8B emulation fails to ignore operand size override (80a897a2-c1a6-11e6-ae1b-002590263bf5)

The Xen Project reports : The x86 instruction CMPXCHG8B is supposed to ignore legacy operand size overrides; it only honors the REX.W override making it CMPXCHG16B. So, the operand size is always 8 or 16. When support for CMPXCHG16B emulation was added to the instruction emulator, this restrictio...

FreeBSD : xen-kernel -- CR0.TS and CR0.EM not always honored for x86 HVM guests (4d7cf654-ba4d-11e6-ae1b-002590263bf5)

The Xen Project reports : Instructions touching FPU, MMX, or XMM registers are required to raise a Device Not Available Exception NM when either CR0.EM or CR0.TS are set. Their AVX or AVX-512 extensions would consider only CR0.TS. While during normal operation this is ensured by the hardware, if ...